August 2017

Many threat detection systems rely on reviewing logs in order to uncover contagions on the network. In most cases, these logs come in the form of syslogs, NetFlow and IPFIX. In an effort to protect the corporate jewels from the growing attack continuum, some organizations resort to sending the same system logs to multiple security platforms, each of which looks for surreptitious infections in a different way. This becomes a problem when hundreds or even thousands of devices need to be reconfigured to send logs to a second, third or fourth destination.